Em dezembro 2, 2016 12:08 Christian Hesse escreveu:
Well, you could provide a sudoers file, a wrapper with 'sudo /usr/bin/ip $@' and add '--iproute /path/to/wrapper' in your unit file.
Sure. But I guess that the question we must ask is, do we want all this on our OpenVPN package? I know they are small additions, but wouldn't they be better on an optional dependency or something? If not, then we could add a /usr/bin/unpriv-ip, and a /etc/sudoers.d file giving openvpn user permission to run it. I just need to come up with a proper sudo rule giving permission just to do what OpenVPN needs to do and deny netns exec, for instance. Cheers, Giancarlo Razzolini.
pgpB_tuuwesCi.pgp
Description: PGP signature
